Deeplinks Blog posts about EFF Europe

We have interviewed Malte Spitz, a German politician and privacy advocate. Malte is well-known for using German privacy law—which, like the law of many European countries, gives individuals a right to see what private companies know about them—to force his cell phone carrier to reveal what it knew about him.

It has been six years since the highly controversial Data Retention Directive (DRD) was adopted in the European Union. Conceived in the EU and steamrolled by powerful U.S. and U.K. government lobbies, this mass-surveillance law compels EU-based Internet service providers to collect and retain traffic data revealing who communicates with whom by email, phone, and SMS, including the duration of the communication and the locations of the users. This data is often made available to law enforcement. Europeans have widely criticized the DRD, and year after year, it has inspired some of the largest-ever street protests against excessive surveillance.

Does using cloud computing services based in the United States create a risk of US law enforcement access to people's data? The US Department of Justice (DOJ) seems to be trying to placate international concern by saying one thing in international fora; but it says something quite different in the US courts.

The United States Government is taking its stance pressuring the European Union to weaken its new strengthened data protection bill. The European Union has a history of strong data protection standards, emboldened by the European Charter’s explicit provisions upholding data protection as a fundamental right. European Digital Rights (EDRi) revealed today a widespread U.S. lobbying effort against the November 29th leaked version of the legislative proposal for a Data Protection Regulation (DPR). DPR will repeal the existing EU Data Protection Directive, which details regulations regarding personal data processing within the European Union, and is due for official release on January, 25th 2012.

The European Parliament will vote soon on an agreement to formalize US procedures for retaining and providing EU based Passenger Name Record (PNR) data of EU and US citizens traveling into, out of, and through the United States. The agreement will determine how the Department of Homeland Security (DHS) will be able to use the broad swath of sensitive PNR information that is based in the European Union. PNR data contains a passenger’s travel itinerary and consists of 19 different data metrics ranging from your name and address to your seat number and any general comments made by the ticketing agent. Travel agents, airlines, hotels, car rental companies, and railways collect the data whenever you make a reservation to travel or buy a ticket. The data is stored in central databases called Computer Reservation Systems (CRSs), and is pushed from the CRSs to DHS for passenger screening.